Sensitive information and environment-dependent settings should be defined as
environment variables (as recommended for twelve-factor applications). Using
a .env file to store those environment variables eases development and CI
management by keeping them in one "standard" place and agnostic of the
technology stack you are using (Nginx vs PHP built-in server for instance).

Note

PHP has a lot of different implementations of this "pattern". This
implementation's goal is to replicate what source .env would do. It
tries to be as similar as possible with the standard shell's behavior (so
no value validation for instance).

Load a .env file in your PHP application via Dotenv::load():

1
2
3
4
5
6
7

useSymfony\Component\Dotenv\Dotenv;$dotenv=newDotenv();$dotenv->load(__DIR__.'/.env');// You can also load several files$dotenv->load(__DIR__.'/.env',__DIR__.'/.env.dev');

Given the following .env file content:

1
2
3

# .envDB_USER=root
DB_PASS=pass

Access the value with getenv() in your code:

$dbUser=getenv('DB_USER');// you can also use ``$_ENV`` or ``$_SERVER``

Note

Symfony Dotenv never overwrites existing environment variables.

You should never store a .env file in your code repository as it might
contain sensitive information; create a .env.dist file with sensible
defaults instead.

Symfony Dotenv should only be used in development/testing/staging environments.
For production environments, use "real" environment variables.

As a .env file is a regular shell script, you can source it in your own
shell scripts:

1

source .env

Add comments by prefixing them with #:

1
2
3

# Database credentialsDB_USER=root
DB_PASS=pass # This is the secret password

Use environment variables in values by prefixing variables with $:

1
2

DB_USER=root
DB_PASS=${DB_USER}pass # Include the user as a password prefix